Open gene1wood opened 5 years ago
i think you put it in right?
What we have currently is this.
Problem is, it doesn't care what the backend state is in and will happily tell a load balancer to send it taffic when the backend is serving 500s
So the change would be to have this endpoint hit an unauthenticated endpoint on the backend service and report back the status code as the status code of the /health
page (or something like that.
If we can do this with openresty / LUA
Let's add a path (e.g.
/health
) that when hit/
)This allows for load balancers to know when a mozilla.oidc.accessproxy fronted service is actually ready to accept traffic.
One risk we need to think about is if there's any potential for using the timing of the response of the health check page to divine differences in the backend service page that's being checked.